Information or content may be stored on a wide variety of media. As the speed and convenience of accessing and copying stored information have increased, the threat of unauthorized coping of the information has increased correspondingly. Various schemes have been employed to protect the stored information from unauthorized access. For instance, the content stored on the media may be encrypted with a secret key, or keys, known only to devices authorized to access the media. A disadvantage of only one key is the inability to revoke the authorization of a particular device, by changing the key, without revoking the authority of all devices to read the media. Some of the disadvantages of using multiple keys include the potentially large burden of transmitting and storing the keys for each particular device.
An alternative method developed to protect content from unauthorized copying uses a media key block (MKB) to authorize copying of the content, as described by a publication from 4C Entity, LLC, entitled “CONTENT PROTECTION FOR RECORDABLE MEDIA SPECIFICATION,” Revision 0.94 (Oct. 18, 2000). Authorized devices process the MKB to calculate, as described in part below, a media key allowing an authorized device to copy the content. The MKB method uses a media unique key to bind encrypted content to the media from which it will be played back.
An MKB is formatted as a sequence of contiguous records. Each record begins with a record type field, followed by a record length field. In order to process the MKB, each authorized device receives a set of “n” device keys. The “n” device keys are referred to as Kd_i (i=0, 1, . . . , n−1). For each device key there is an associated column and row value in the MKB, referred to as column value (Cd_i for i=0, 1, . . . , n−1) and row value (Rd_i for i=0, 1, . . . , n−1), respectively. An authorized device will have at most one device key for each column of the MKB. Though, an authorized device may have more than one device key per row.
The device keys and associated row and column values are kept secret. If a set of device keys is compromised, an updated MKB can be released that causes a device with the compromised set of device keys to calculate a different media key than is computed by the remaining compliant devices. In this way, the compromised device keys are “revoked” by the new MKB.
Using its device keys, a device calculates the media key by processing records of the MKB one-by-one from first to last. After processing of the MKB is completed, the device uses the most recently calculated media key value as the final value for the media key. If a device correctly processes an MKB using device keys that are revoked by that MKB, the resulting final media key will have the special value 0H, where H designates a hexadecimal number. This special value will never be an MKB's correct final media key value, and can therefore always be taken as an indication that the device's keys are revoked. If a device calculates this special media key value, it stops the authentication, playback, or recording session in progress, and will not use that media key value in any subsequent calculations.
A properly formatted MKB will have exactly one Verify Media Key Record (VMKR) as its first record. The VMKR may also be referred to as validation data. The VMKR contains the hexadecimal value DEADBEEF encrypted with the correct, final media key. The presence of the VMKR is mandatory, but the use of the VMKR by a device is not mandatory. A device may attempt to decrypt the VMKR using its current media key value during the processing of subsequent Records, checking each time for the hexadecimal value DEADBEEF. If the device successfully decrypts the VMKR, the device has already calculated the correct final media key value, and may therefore stop processing the MKB.
A properly formatted MKB will have exactly one calculate media key record (CMKR). Devices must ignore any CMKRs encountered after the first one in an MKB. The CMKR includes a column field. The column field indicates the associated column value for the device key to be used with this record, as described below. The CMKR also contains encrypted key data in each column corresponding to each of the device key rows. Before processing the CMKR, the device checks that the device has a device key with associated column value Cd_i=column, for some i.
If the device does not have a device key with the associated column value, the device ignores the rest of the CMKR. Otherwise, using the value i from the condition above, the device key and r=Rd_i, c=Cd_i, the device decrypts a media key value from the encrypted key data for row r=Rd_i. The resulting media key value becomes the current media key value.
A properly formatted MKB may have zero or more conditionally calculate media key records (C-CMKR). The C-CMKR contains encrypted conditional data. In the columns, the C-CMKR contains doubly encrypted key data. If decrypted successfully, as described below, the encrypted conditional data contains the hexadecimal value DEADBEEF and the associated column value for the device key to be used with this C-CMKR. Using its current media key value, the device decrypts conditional data from the encrypted conditional data.
Before continuing to process the Record, the device checks that the following conditions are true: the decrypted conditional data contains the hexadecimal value DEADBEEF and the device has a device key with a newly associated column value (i) decrypted from the conditional data. If any of these conditions is false, the device ignores the rest of the C-CMKR. Otherwise, using the value i from the condition above, the current media key value, and r=Rd_i, c=Cd_i, the device decrypts the doubly encrypted key data at the associated column in the C-CMKR. The device then decrypts the result of the first decryption of the doubly encrypted data using the device's i-th device key. The resulting media key becomes the current media key value.
As keys are compromised and revoked, the MKB can become quite large, with a size of several megabytes not being unusual. Since many types of media have limited read-only space, it becomes necessary to store the MKB on writeable areas of the media. Storing the MKB on the writeable area creates a vulnerability of the MKB to direct malicious tampering. In such a direct attack, the intent of the tamperer will likely be to substitute an older MKB for the current MKB stored on the media. In the alternative, the tamperer may substitute a portion of an older MKB for a portion of the current MKB stored on the media. Since the older MKB will still contain keys that are revoked by the current MKB, the substitution will potentially compromise the content protection provided by the current MKB.
Even if the MKB is stored on the readable area of the media, another weakness of the MKB approach is the ability for a man-in-the-middle attack to substitute an older MKB for the current MKB during the attempted processing of the current MKB. In the alternative, the man-in-the-middle attacker may substitute a portion of an older MKB for a portion of the current MKB during the attempted processing of the current MKB. Thus, a man-in-the-middle attack also potentially compromises the content protection provided by the current MKB.
Thus, media without a valid MKB could be read and readers without authorization could read content stored on protected media. In a variation on the MKB approach, a hash value is calculated over the MKB and stored on the read only area of the media. The reader reads the MKB, calculates a hash value of the MKB as read from the media and compares that hash value to the hash value as read from the read only area. Calculating the hash value however imposes an undesirable delay upon the authorization process. Therefore, it is desirable to improve upon the prior art.